[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized

Kirill Elagin kirelagin at gmail.com
Wed Apr 30 03:14:52 PDT 2014


On Apr 30, 2014 12:23 PM, "Tom Gundersen" <teg at jklm.no> wrote:
>
>
> On 30 Apr 2014 09:21, "Florian Weimer" <fweimer at redhat.com> wrote:
> > I don't know if we can change /dev/urandom to block because that
> > doesn't look very backwards-compatible to me.
>
> I have seen Ted Ts'o write about wanting this, but I don't know much
> more. Alternatively the kernel could send us an event when it is ready, and
> we can have a service waiting for this, which other services can order
> against. Simply blocking in the kernel would be simpler though, if we can
> pull it off without breaking things...

Things that will break after implementing this are broken already anyway.
Getting randomness before the generator is properly initialized makes no
sense.
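
A sketch of the "service waiting for this" idea from the quoted text, as an added example that is not part of the original message or of systemd. It assumes the Linux getrandom(2) call (kernel 3.17 or later, glibc 2.25 or later), an interface the thread does not mention; the function names are hypothetical.

```c
/* Added example, not code from the thread. Assumption: getrandom(2) is
 * available; with GRND_NONBLOCK it fails with EAGAIN while the urandom
 * pool is still uninitialized instead of returning weak output. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/random.h>

/* Returns 1 if the pool is initialized, 0 if not yet, -1 on other errors. */
int urandom_pool_ready(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);
        if (n == (ssize_t)sizeof b)
            return 1;
        if (n < 0 && errno == EAGAIN)
            return 0;            /* pool not initialized yet */
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal, retry */
        return -1;               /* e.g. ENOSYS on an old kernel */
    }
}

/* Waits until the pool is ready. A negative timeout_ms waits forever.
 * Returns 0 when ready, 1 on timeout, -1 on error. */
int wait_for_urandom_pool(int timeout_ms, int step_ms)
{
    int waited = 0;
    for (;;) {
        int r = urandom_pool_ready();
        if (r == 1) return 0;
        if (r < 0) return -1;
        if (timeout_ms >= 0 && waited >= timeout_ms) return 1;
        poll(NULL, 0, step_ms);  /* sleep step_ms without busy looping */
        waited += step_ms;
    }
}

int main(void)
{
    int rc = wait_for_urandom_pool(60000, 100);
    if (rc == 0) puts("urandom pool initialized; key generation may proceed");
    else if (rc == 1) fputs("timed out waiting for the urandom pool\n", stderr);
    else perror("getrandom");
    return rc == 0 ? 0 : 1;
}
```

Run as a oneshot unit, its exit status gives key-generation services something to order against, which is the arrangement the quoted text describes.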